Control: retitle -1 groonga-httpd: Privilege escalation due to insecure use of logrotate (CVE-2019-11675)
On Wed, May 01, 2019 at 05:29:58PM +0200, Wolfgang Hotwagner wrote: > Package: groonga-httpd > Version: 6.1.5-1 > Severity: critical > Tags: security > Justification: root security hole > > Dear Maintainer, > > The path of the logdirectory of groonga-httpd can be manipulated by user > groonga: [...] MITRE has now assigned CVE-2019-11675 for this issue. Regards, Salvatore